On Wed, Jan 24, 2018 at 4:52 AM, Durumdara <durumdara@xxxxxxxxx> wrote: > Hello! > > Somewhere the system administrator (who don't know the PG really) installed > a PGSQL server (10.x) with a database. > He couldn't manage the server well. > > Yesterday my colleague saw 21 databases in this server with random names. > He checked it with built in PGAdmin IV. > Today we checked it again, and we saw 33 databases. > > The first name is "ahucli" for example - like an aztec king... :-). > > The server OS is Windows, the PGSQL is 10.x. > > What can cause this strange thing? > > 1.) PGAdmin IV bug? > 2.) Their server is hacked/cracked from outside? > 3.) A wrong configured tool, or an automation? > 4.) "Alien invasion", etc. > > Did you see same thing anywhere? > > Thank you for any advice in this theme! You could be looking at a very serious situation. Random data stored without your knowledge can be symptom of a hack or simple bug. Figuring out which is which is a very urgent consideration. You may want to consider: *) poke around created database and try to determine if the created databases point to something you created or more suspicious things. this is URGENT *) review firewall and network configuration *) review pg_hba.conf *) generally check logs everywhere, be advised hackers are often smart and covert tracks *) log all connections. adjust logging to also capture client ip and pid if not already *) log all queries (also with ajustments above). this is expensive, so be prepared to turn off when problem is found merlin
